Foundations of Network and Foundations of Network and Computer Security Computer Security J J ohn Black Lecture #3 Aug 28 th 2009 CSCI 6268/TLEN 5550, Fall 2009

Quiz #1 Friday A week from today, Sep 4 th Covers reading and lectures up to Weds Sep 2 nd In class, 50mins, closed notes, no calculators
Exhaustive Key-search We had 403291461126605635584000000 possible keys Keysize is lg of this, or about 88.4 bits Infeasible to exhaustively search even with a lot of money and resources! Rule of Thumb 2 30 quite easily 2 40 takes a while, but doable (exportable keysize!) 2 50 special hardware, parallelism important 2 60 only large government organizations 2 70 approaching the (current) limits of imagination

So Substitution Cipher is Secure? Nope Ever do the Sunday Cryptograms? Attacks: Frequency analysis etaoinshrdlu… Diphthongs, triphthongs ST, TH, not QX Word lengths A and I are only 1-letter words Other statistical measures Index of Coincidence
What did we just Implicitly Assume? What assumption was made in these attacks? What was a central feature of the Substitution Cipher which permitted these attacks? (hard) How can we repair these problems?

Small Blocksizes are Bad Ok, we had a blocksize of < 5 bits So fix it! Try 64 bits instead All is well? How many permutations are there now? 2 64 ! ≈ 2 2 70 Stirling’s formula: What is the keysize (in bits)? About 2 70 bits! Yow! 1TB is 2 40 * 2 3 = 2 43
Key is too Large We can’t store 2 70 bit keys What can we do then?

